公开(公告)号：CA2634812C

公开(公告)日：2010-03-30

申请号：CA2634812

申请日：1998-09-16

Applicant: SAFENET INC

Inventor： KAPLAN MICHAEL M ,  DOUD ROBERT WALKER ,  KAVSAN BRONISLAV ,  OBER TIMOTHY ,  REED PETER

IPC: H04L9/28 ,  G06F9/38 ,  G06F9/445 ,  G06F9/46 ,  G06F21/72 ,  G06F21/74 ,  G06F21/79 ,  G06F21/82 ,  H04L9/00 ,  H04L9/06 ,  H04L9/08 ,  H04L29/06

Abstract: A secure communication platform on an integrated circuit is a highly integrated security processor which incorporates a general purpose digital signal processor (DSP) (62), along with a number of high performance cryptographic function elements, as well as a PCI and PCMCIA (14) interface. The secure communications platform is integrated with an off-the-shelf DSP so that a vendor who is interested in digital signal processing could also receive built-in security functions which cooperate with the DSP. The integrated circuit includes a callable library of cryptographic commands and encryption algorithms. An encryption processor is included to perform key and data encryption, as well as a high performance hash processor and a public key accelerator (28).

公开(公告)号：DE60233918D1

公开(公告)日：2009-11-19

申请号：DE60233918

申请日：2002-08-01

Applicant: SAFENET INC

Inventor： COUILLARD BRUNO

IPC: H04L9/08 ,  H04L9/30

Abstract: Disclosed are a system and a method for transferring with improved security root keys from a key provider system to a customer system via an information network that is other than secure. The key provider provides a secure module having a super-root key stored therein within the customer system. The super-root key is accessible internally to the module only by program code executable on a processor internal to the module, and only in response to a request from a corresponding module of the key provider system. The super-root key is only for use in decrypting encrypted root keys that are provided from the key provider system, which decrypted root keys are stored internally to the secure module.

公开(公告)号：DE60222575T2

公开(公告)日：2008-06-26

申请号：DE60222575

申请日：2002-08-08

Applicant: SAFENET INC

Inventor： WYSCHOGROD DANIEL ,  ARNAUD ALAIN ,  LEES DAVOD ERIC ,  LEIBMAN LEONID

IPC: G06F17/30 ,  H04L29/06 ,  H04L29/08

Abstract: A method for generating look-up tables for a high speed multi-bit Real-time Deterministic Finite state Automaton (hereinafter RDFA). The method begins with a DFA generated in accordance with the prior art. For each state in the DFA, and for each of the bytes recognized in parallel the following occurs. First an n-closure list is generated. An n-closure list is a list of states reachable in n-transitions from the current state. Next an alphabet transition list is generated for each state. An "alphabet transition list" is a list of the transitions out of a particular state for each of the characters in an alphabet. Finally, the transitions are grouped into classes. That is, the transitions that go to the same state are grouped into the same class. Each class is used to identify the next state. The result is a state machine that has less states than the original DFA.

公开(公告)号：DE60222575D1

公开(公告)日：2007-10-31

申请号：DE60222575

申请日：2002-08-08

Applicant: SAFENET INC

Inventor： WYSCHOGROD DANIEL ,  ARNAUD ALAIN ,  LEES DAVOD ERIC ,  LEIBMAN LEONID

IPC: G06F17/30 ,  H04L29/06 ,  H04L29/08

Abstract: A method for generating look-up tables for a high speed multi-bit Real-time Deterministic Finite state Automaton (hereinafter RDFA). The method begins with a DFA generated in accordance with the prior art. For each state in the DFA, and for each of the bytes recognized in parallel the following occurs. First an n-closure list is generated. An n-closure list is a list of states reachable in n-transitions from the current state. Next an alphabet transition list is generated for each state. An "alphabet transition list" is a list of the transitions out of a particular state for each of the characters in an alphabet. Finally, the transitions are grouped into classes. That is, the transitions that go to the same state are grouped into the same class. Each class is used to identify the next state. The result is a state machine that has less states than the original DFA.

公开(公告)号：CA2634812A1

公开(公告)日：1999-03-25

申请号：CA2634812

申请日：1998-09-16

Applicant: SAFENET INC

Inventor： REED PETER ,  DOUD ROBERT WALKER ,  KAPLAN MICHAEL M ,  OBER TIMOTHY ,  KAVSAN BRONISLAV

IPC: H04L9/28 ,  G06F9/38 ,  G06F9/445 ,  G06F9/46 ,  G06F21/72 ,  G06F21/74 ,  G06F21/79 ,  G06F21/82 ,  H04L9/00 ,  H04L9/06 ,  H04L9/08 ,  H04L29/06

公开(公告)号：AT373846T

公开(公告)日：2007-10-15

申请号：AT02798084

申请日：2002-08-08

Applicant: SAFENET INC

Inventor： WYSCHOGROD DANIEL ,  ARNAUD ALAIN ,  LEES DAVOD ,  LEIBMAN LEONID

IPC: G06F17/30 ,  H04L29/06 ,  H04L29/08

Abstract: A method for generating look-up tables for a high speed multi-bit Real-time Deterministic Finite state Automaton (hereinafter RDFA). The method begins with a DFA generated in accordance with the prior art. For each state in the DFA, and for each of the bytes recognized in parallel the following occurs. First an n-closure list is generated. An n-closure list is a list of states reachable in n-transitions from the current state. Next an alphabet transition list is generated for each state. An "alphabet transition list" is a list of the transitions out of a particular state for each of the characters in an alphabet. Finally, the transitions are grouped into classes. That is, the transitions that go to the same state are grouped into the same class. Each class is used to identify the next state. The result is a state machine that has less states than the original DFA.

公开(公告)号：AU4147097A

公开(公告)日：1998-03-06

申请号：AU4147097

申请日：1997-08-12

Applicant: SAFENET INC

Inventor： CAPUTO ANTHONY A ,  AMORUSO VICTOR P

IPC: G06F1/00 ,  G06F21/00 ,  G07F7/10 ,  H04L9/32 ,  H04L29/06 ,  H04L9/00

Abstract: A portable security device is disclosed which can be carried by an individual and connected directly to telephone circuits to both authenticate that individual and encrypt data communications. The invention can operate as an electronic "token" to uniquely identify the user to a network, to a computer system or to an application program. The "token" contains the complete network interface, such as a modem, which modulates the data and provides the circuitry required for direct connection to the network. Furthermore, this "token" will preferably not permit communications to proceed until the device, and optionally the user, have been identified by the proper authentication. The token also contains all of the cryptographic processing required to protect the data using data encryption or message authentication or digital signatures or any combination thereof. Thus, the present invention provides the user with all of the communications and security equipment needed for use with personal computers and electronic notebooks and eliminates the need for any other security measures and/or devices.

公开(公告)号：WO2019129530A1

公开(公告)日：2019-07-04

申请号：PCT/EP2018/085298

申请日：2018-12-17

Applicant: GEMALTO SA ,  SAFENET INC

Inventor： HUGOT, Didier ,  ALI, Asad Mahbaab ,  ARORA, Gorav

IPC: G06F21/31 ,  G06F21/44 ,  G06F21/60 ,  G06F21/62 ,  H04L29/06

CPC classification number: G06F3/0622 ,  G06F3/0637 ,  G06F3/067 ,  G06F21/31 ,  G06F21/44 ,  G06F21/604 ,  G06F21/62 ,  G06F2221/2113 ,  G06F2221/2129 ,  G06F2221/2141 ,  H04L63/08 ,  H04L63/10 ,  H04L2463/082

Abstract: The invention relates to a method (20) for managing data access. The method comprises: - receiving (22) at least one request for accessing data; - capturing (26) data relating to at least one current context signal during each data access request; - comparing (210), as a current authorization step, the data relating to at least one captured current context signal to predetermined reference data relating to at least one corresponding context signal according to at least one corresponding predetermined authorization policy; - determining (212) and (214), based upon the current authorization result and at least one predetermined dynamic data access policy, whether the data access is or is not authorized, as a data access decision; and - issuing the data access decision (216). The invention also relates to corresponding first device (14), second device (16) and system (10).

公开(公告)号：WO2007087316A2

公开(公告)日：2007-08-02

申请号：PCT/US2007/001800

申请日：2007-01-23

Applicant: SAFENET, INC. ,  ELTETO, Laszlo

Inventor： ELTETO, Laszlo

IPC: G06F12/14

CPC classification number: G06F21/125

Abstract: A system and method for binding a protected application to a shell module. The shell module is appended to the application. The shell module executes prior to the execution of the application, and first creates a resource. After the shell module finishes execution, the application tries to access the created resource. If the access is successful, the application is allowed to proceed. Otherwise, the application terminates. The inability of the application to access the resource is an indication that the shell module never actually created the resource. This suggests that the shell module never executed; the shell module may have been either removed or functionally disconnected from the application. This further implies that the security functionality of the shell module has not executed. The application is therefore not permitted to execute, since the shell's security checks have probably not been performed.

Abstract translation: 将受保护的应用程序绑定到shell模块的系统和方法。 shell模块附加到应用程序。 shell模块在执行应用程序之前执行，并首先创建一个资源。 shell模块完成执行后，应用程序将尝试访问创建的资源。 如果访问成功，则允许应用程序继续。 否则，应用程序终止。 应用程序无法访问资源表明shell模块从未实际创建资源。 这表明shell模块从未执行过; 壳模块可能已被删除或与应用程序功能断开连接。 这进一步意味着shell模块的安全功能尚未执行。 因此，应用程序不允许执行，因为shell的安全检查可能未被执行。

公开(公告)号：US11102014B2

公开(公告)日：2021-08-24

申请号：US16262261

申请日：2019-01-30

Applicant: Safenet Inc.

Inventor： Dmitry Riyumkin ,  Darren Johnson

IPC: H04L29/06 ,  H04L9/32 ,  G06F21/60 ,  H04L9/08 ,  H04L9/14

Abstract: The invention is a method for handling data in a secure container comprising first and second private keys uniquely allocated to the secure container. The secure container is configured to use the first private key to handle said data in a first operating mode and to use the second private key to handle said data in a second operating mode. The secure container is configured to prevent the update of the first private key after its clearing. The method comprises the step of automatically clearing the first private key in response to a request for enabling a software module in the second operating mode and a step of automatically using the first operating mode by the secure container if the first private key has not been cleared and of automatically using the second operating mode by the secure container if the first private key has been cleared.